The FBI raided the Florida headquarters of Shenzhen, China-based PAX, a retailer of point-of-sale devices, amid accusations that the point-of-sale (PoS) endpoint devices sold by PAX contain backdoors that allow malware to be executed remotely. Brian Krebs, the long-time computer security investigative reporter behind KrebsOnSecurity, wrote that confidential sources claimed network traffic from the PAX-supplied PoS devices contained indicators of malicious activity, including irregular packet sizes that did not match expected transaction traffic or updates. According to the source, the terminals appeared to be used both as a malware dropper for malicious files and as a command and control (C2) server. Krebs also reported that several sources claimed two major financial infrastructure companies in the USA and UK were actively replacing these devices. PAX reportedly has more than 60 million PoS terminals installed in 120 countries.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense

Russia's invasion of Ukraine increased